Equifax said it discovered the breach on July 29. "Criminals exploited a U.S. website application vulnerability to gain access to certain files," the company explained.

Leaked data includes names, birth dates, social security numbers, addresses and potentially drivers licenses. 209,000 U.S. credit card numbers were also obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."